Windows Analysis Report
http://clients2.google.com/time/1/current?cup2key=6:ja9_47WTwmkUfr4-NZaxb631Hv9CvRDs5qiwCNTf1Ag&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Overview

General Information

Sample URL: http://clients2.google.com/time/1/current?cup2key=6:ja9_47WTwmkUfr4-NZaxb631Hv9CvRDs5qiwCNTf1Ag&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analysis ID: 791888

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

No high impact signatures.

Classification

  • System is w10x64
  • chrome.exe (PID: 5272 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
    • chrome.exe (PID: 5444 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1740 --field-trial-handle=1860,i,9632146488442511452,3354182686509041322,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
  • chrome.exe (PID: 5692 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "http://clients2.google.com/time/1/current?cup2key=6:ja9_47WTwmkUfr4-NZaxb631Hv9CvRDs5qiwCNTf1Ag&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

There are no malicious signatures.

Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\GoogleUpdater
Source: global traffic | HTTP traffic detected:
    GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
    Host: clients2.google.com
    Connection: keep-alive
    X-Goog-Update-Interactivity: fg
    X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
    X-Goog-Update-Updater: chromecrx-104.0.5112.81
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /time/1/current?cup2key=6:ja9_47WTwmkUfr4-NZaxb631Hv9CvRDs5qiwCNTf1Ag&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP/1.1
    Host: clients2.google.com
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
Source: unknown | DNS traffic detected: queries for: clients2.google.com
Source: unknown | Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49688
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49686
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49684
Source: unknown | Network traffic detected: HTTP traffic on port 49679 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49681
Source: unknown | Network traffic detected: HTTP traffic on port 49686 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49684 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown | Network traffic detected: HTTP traffic on port 49681 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49679
Source: unknown | HTTP traffic detected:
    POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
    Host: accounts.google.com
    Connection: keep-alive
    Content-Length: 1
    Origin: https://www.google.com
    Content-Type: application/x-www-form-urlencoded
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Cookie: CONSENT=PENDING+904; AEC=AakniGO7HqlHWlnoY-P22_SwwnNSfVGxlF1NgK5nuj5WLe313NyJi16g7z4; SOCS=CAISHAgCEhJnd3NfMjAyMjA4MDgtMF9SQzEaAmVuIAEaBgiAvOuXBg; NID=511=nUT82hOv6CVwMNqDg-sTtCMJJ6SQ1v_cCpfCpf5nt8EolEbal01GWFyjG01tqWQgh9ciRU880J6nLd2gdbhAJs44PsHAZaVQAFIbrqe2FmFgjrAAK7W9Z8u5LDvwsuZRng98jP6E23SJ4fsPIs326YmnuCwa92dRRCcB6MNeI_o
Source: classification engine | Classification label: clean0.win@26/3@4/6
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Program Files\Google\GoogleUpdater
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1740 --field-trial-handle=1860,i,9632146488442511452,3354182686509041322,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "http://clients2.google.com/time/1/current?cup2key=6:ja9_47WTwmkUfr4-NZaxb631Hv9CvRDs5qiwCNTf1Ag&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1740 --field-trial-handle=1860,i,9632146488442511452,3354182686509041322,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\Downloads\6d9bc226-77cc-44fa-85f1-07543759e5b4.tmp
Source: Window Recorder | Window detected: More than 3 window changes detected
MITRE ATT&CK matrix (techniques listed per tactic; cells that carried a count in the original matrix are marked with that count in parentheses):

Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At (Linux); At (Windows)
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac)
Privilege Escalation: Process Injection (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac)
Defense Evasion: Masquerading (3); Process Injection (1); Obfuscated Files or Information; Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Scheduled Transfer
Command and Control: Encrypted Channel (1); Non-Application Layer Protocol (3); Application Layer Protocol (4); Ingress Tool Transfer (1)
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups; Carrier Billing Fraud
Impact: Modify System Partition; Device Lockout; Delete Device Data

Source | Detection | Scanner | Label
http://clients2.google.com/time/1/current?cup2key=6:ja9_47WTwmkUfr4-NZaxb631Hv9CvRDs5qiwCNTf1Ag&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 | 0% | Virustotal |
http://clients2.google.com/time/1/current?cup2key=6:ja9_47WTwmkUfr4-NZaxb631Hv9CvRDs5qiwCNTf1Ag&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 | 0% | Avira URL Cloud | safe
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
accounts.google.com | 142.250.203.109 | true | false | | high
www.google.com | 142.250.203.100 | true | false | | high
clients.l.google.com | 142.250.203.110 | true | false | | high
clients2.google.com | unknown | unknown | false | | high
Name | Malicious | Antivirus Detection | Reputation
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 | false | | high
http://clients2.google.com/time/1/current?cup2key=6:ja9_47WTwmkUfr4-NZaxb631Hv9CvRDs5qiwCNTf1Ag&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 | false | | high
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
239.255.255.250 | unknown | Reserved | unknown | unknown | false
142.250.203.100 | www.google.com | United States | 15169 | GOOGLEUS | false
142.250.203.110 | clients.l.google.com | United States | 15169 | GOOGLEUS | false
142.250.203.109 | accounts.google.com | United States | 15169 | GOOGLEUS | false

IP
192.168.2.1
127.0.0.1
Joe Sandbox Version: 36.0.0 Rainbow Opal
Analysis ID: 791888
Start date and time: 2023-01-25 23:35:21 +01:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 4m 41s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: http://clients2.google.com/time/1/current?cup2key=6:ja9_47WTwmkUfr4-NZaxb631Hv9CvRDs5qiwCNTf1Ag&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of new started processes analysed: 11
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • HDC enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: CLEAN
Classification: clean0.win@26/3@4/6
EGA Information: Failed
HDC Information: Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
  • Exclude process from analysis (whitelisted): SgrmBroker.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 23.35.236.109, 142.250.203.99, 34.104.35.123
  • Excluded domains from analysis (whitelisted): www.bing.com, fs.microsoft.com, edgedl.me.gvt1.com, e16604.g.akamaiedge.net, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, prod.fs.microsoft.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net
  • Not all processes were analyzed; the report is missing behavior information
  • Report size getting too big, too many NtWriteVirtualMemory calls found.
No simulations
No context
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text
Category: dropped
Size (bytes): 79
Entropy (8bit): 4.928727704087349
Encrypted: false
SSDEEP: 3:VQ3X4l1Wce1R6JHDlQXfMhWRXJo/XAn:VQ3e1WujeXEWxC4n
MD5: 56415F32FE2800C44E70C685DDF51273
SHA1: 08231AB77735BBFAA25BB43016000A04A69D7EC8
SHA-256: F8B979F3CC1930EA1BC0759EDF600B4346ED5E3604B30738986603B3179C6349
SHA-512: AF39B478A5A9D62F57B4D3C9EF77A54B88B2A09DADF381C077AF20FCB18E022BDEF79AFC33CBD9CDE86EF71E541A1A6DD8D7D017F5E7730C794E00CC7FE733B6
Malicious: false
Reputation: low
Preview: )]}'.{"current_time_millis":1674686193248,"server_nonce":3.9963421519700253E-4}
No static file info
                Timestamp | Source IP | Dest IP | Checksum | Code | Type
                Jan 25, 2023 23:36:32.707323074 CET | 192.168.2.3 | 8.8.8.8 | d010 | (Port unreachable) | Destination Unreachable
                Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                Jan 25, 2023 23:36:31.042781115 CET | 192.168.2.3 | 8.8.8.8 | 0xb4e7 | Standard query (0) | clients2.google.com | A (IP address) | IN (0x0001) | false
                Jan 25, 2023 23:36:31.043081999 CET | 192.168.2.3 | 8.8.8.8 | 0xbf44 | Standard query (0) | accounts.google.com | A (IP address) | IN (0x0001) | false
                Jan 25, 2023 23:36:33.645991087 CET | 192.168.2.3 | 8.8.8.8 | 0x8a6f | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                Jan 25, 2023 23:37:33.716484070 CET | 192.168.2.3 | 8.8.8.8 | 0xa623 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                Jan 25, 2023 23:36:31.062387943 CET | 8.8.8.8 | 192.168.2.3 | 0xb4e7 | No error (0) | clients2.google.com | clients.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false
                Jan 25, 2023 23:36:31.062387943 CET | 8.8.8.8 | 192.168.2.3 | 0xb4e7 | No error (0) | clients.l.google.com | | 142.250.203.110 | A (IP address) | IN (0x0001) | false
                Jan 25, 2023 23:36:31.081307888 CET | 8.8.8.8 | 192.168.2.3 | 0xbf44 | No error (0) | accounts.google.com | | 142.250.203.109 | A (IP address) | IN (0x0001) | false
                Jan 25, 2023 23:36:33.663678885 CET | 8.8.8.8 | 192.168.2.3 | 0x8a6f | No error (0) | www.google.com | | 142.250.203.100 | A (IP address) | IN (0x0001) | false
                Jan 25, 2023 23:37:33.734278917 CET | 8.8.8.8 | 192.168.2.3 | 0xa623 | No error (0) | www.google.com | | 142.250.203.100 | A (IP address) | IN (0x0001) | false
                • accounts.google.com
                • clients2.google.com
                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                0 | 192.168.2.3 | 49679 | 142.250.203.109 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                Timestamp | kBytes transferred | Direction | Data


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                1 | 192.168.2.3 | 49681 | 142.250.203.110 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                Timestamp | kBytes transferred | Direction | Data


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                2 | 192.168.2.3 | 49682 | 142.250.203.110 | 80 | C:\Program Files\Google\Chrome\Application\chrome.exe
                Timestamp | kBytes transferred | Direction | Data
                Jan 25, 2023 23:36:33.167963028 CET | 14 | OUT | GET /time/1/current?cup2key=6:ja9_47WTwmkUfr4-NZaxb631Hv9CvRDs5qiwCNTf1Ag&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP/1.1
                Host: clients2.google.com
                Connection: keep-alive
                Upgrade-Insecure-Requests: 1
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                Accept-Encoding: gzip, deflate
                Accept-Language: en-US,en;q=0.9
                Jan 25, 2023 23:36:33.268235922 CET | 35 | IN | HTTP/1.1 200 OK
                Content-Type: application/json; charset=utf-8
                X-Content-Type-Options: nosniff
                x-cup-server-proof: 304602210091a94de5241aa90b6559a5f9e74fb32996976f1f83f37fef52d3d90cb1a4de0b022100be725b6ee2c64fe0876765a6be5e6c82547fa833ec53989c4b4f758569c6147f:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
                ETag: W/"304602210091a94de5241aa90b6559a5f9e74fb32996976f1f83f37fef52d3d90cb1a4de0b022100be725b6ee2c64fe0876765a6be5e6c82547fa833ec53989c4b4f758569c6147f:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                Pragma: no-cache
                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                Date: Wed, 25 Jan 2023 22:36:33 GMT
                Content-Disposition: attachment; filename="json.txt"; filename*=UTF-8''json.txt
                Cross-Origin-Opener-Policy: same-origin
                Content-Encoding: gzip
                Transfer-Encoding: chunked
                Server: ESF
                X-XSS-Protection: 0
                X-Frame-Options: SAMEORIGIN
                Data Raw: 35 66 0d 0a 1f 8b 08 00 00 00 00 00 02 ff d2 8c ad 55 e7 aa 56 4a 2e 2d 2a 4a cd 2b 89 2f c9 cc 4d 8d cf cd cc c9 c9 2c 56 b2 32 34 33 37 31 b3 30 33 b4 34 36 32 b1 d0 51 2a 4e 2d 2a 4b 2d 8a cf cb cf 4b 4e 55 b2 32 d6 b3 b4 34 33 36 31 32 34 35 b4 34 37 30 30 32 35 76 d5 35 a9 05 00 00 00 ff ff 0d 0a
                Data Ascii: 5fUVJ.-*J+/M,V2437103462Q*N-*K-KNU24361245470025v5
                Jan 25, 2023 23:36:33.268265009 CET | 35 | IN | Data Raw: 61 0d 0a 03 00 37 1e 4e 90 4f 00 00 00 0d 0a 30 0d 0a 0d 0a
                Data Ascii: a7NO0
                Jan 25, 2023 23:37:18.285248041 CET | 495 | OUT | Data Raw: 00
                Data Ascii:


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                3 | 192.168.2.3 | 49685 | 142.250.203.110 | 80 | C:\Program Files\Google\Chrome\Application\chrome.exe
                Timestamp | kBytes transferred | Direction | Data
                Jan 25, 2023 23:37:18.175812006 CET | 495 | OUT | Data Raw: 00
                Data Ascii:


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                4 | 192.168.2.3 | 49687 | 142.250.203.110 | 80 | C:\Program Files\Google\Chrome\Application\chrome.exe
                Timestamp | kBytes transferred | Direction | Data
                Jan 25, 2023 23:37:18.191447020 CET | 495 | OUT | Data Raw: 00
                Data Ascii:


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                0 | 192.168.2.3 | 49679 | 142.250.203.109 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                Timestamp | kBytes transferred | Direction | Data
                2023-01-25 22:36:33 UTC | 0 | OUT | POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
                Host: accounts.google.com
                Connection: keep-alive
                Content-Length: 1
                Origin: https://www.google.com
                Content-Type: application/x-www-form-urlencoded
                Sec-Fetch-Site: none
                Sec-Fetch-Mode: no-cors
                Sec-Fetch-Dest: empty
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                Accept-Encoding: gzip, deflate, br
                Accept-Language: en-US,en;q=0.9
                Cookie: CONSENT=PENDING+904; AEC=AakniGO7HqlHWlnoY-P22_SwwnNSfVGxlF1NgK5nuj5WLe313NyJi16g7z4; SOCS=CAISHAgCEhJnd3NfMjAyMjA4MDgtMF9SQzEaAmVuIAEaBgiAvOuXBg; NID=511=nUT82hOv6CVwMNqDg-sTtCMJJ6SQ1v_cCpfCpf5nt8EolEbal01GWFyjG01tqWQgh9ciRU880J6nLd2gdbhAJs44PsHAZaVQAFIbrqe2FmFgjrAAK7W9Z8u5LDvwsuZRng98jP6E23SJ4fsPIs326YmnuCwa92dRRCcB6MNeI_o
                2023-01-25 22:36:33 UTC | 0 | OUT | Data Raw: 20
                Data Ascii:
                2023-01-25 22:36:33 UTC | 3 | IN | HTTP/1.1 200 OK
                Content-Type: application/json; charset=utf-8
                Access-Control-Allow-Origin: https://www.google.com
                Access-Control-Allow-Credentials: true
                X-Content-Type-Options: nosniff
                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                Pragma: no-cache
                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                Date: Wed, 25 Jan 2023 22:36:33 GMT
                Strict-Transport-Security: max-age=31536000; includeSubDomains
                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport
                Content-Security-Policy: script-src 'report-sample' 'nonce-5uGC4_abzlHFxrz93ZSMzw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self'
                Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist
                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
                Cross-Origin-Opener-Policy: same-origin; report-to="IdentityListAccountsHttp"
                Report-To: {"group":"IdentityListAccountsHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/IdentityListAccountsHttp/external"}]}
                Server: ESF
                X-XSS-Protection: 0
                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                Accept-Ranges: none
                Vary: Accept-Encoding
                Connection: close
                Transfer-Encoding: chunked
                2023-01-25 22:36:33 UTC | 4 | IN | Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a
                Data Ascii: 11["gaia.l.a.r",[]]
                2023-01-25 22:36:33 UTC | 4 | IN | Data Raw: 30 0d 0a 0d 0a
                Data Ascii: 0


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                1 | 192.168.2.3 | 49681 | 142.250.203.110 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                Timestamp | kBytes transferred | Direction | Data
                2023-01-25 22:36:33 UTC | 0 | OUT | GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
                Host: clients2.google.com
                Connection: keep-alive
                X-Goog-Update-Interactivity: fg
                X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
                X-Goog-Update-Updater: chromecrx-104.0.5112.81
                Sec-Fetch-Site: none
                Sec-Fetch-Mode: no-cors
                Sec-Fetch-Dest: empty
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                Accept-Encoding: gzip, deflate, br
                Accept-Language: en-US,en;q=0.9
                2023-01-25 22:36:33 UTC | 1 | IN | HTTP/1.1 200 OK
                Content-Security-Policy: script-src 'report-sample' 'nonce-KrK-LqN8Hdt_1_ApDzfQ6g' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1
                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                Pragma: no-cache
                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                Date: Wed, 25 Jan 2023 22:36:33 GMT
                Content-Type: text/xml; charset=UTF-8
                X-Daynum: 5868
                X-Daystart: 52593
                X-Content-Type-Options: nosniff
                X-Frame-Options: SAMEORIGIN
                X-XSS-Protection: 1; mode=block
                Server: GSE
                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                Accept-Ranges: none
                Vary: Accept-Encoding
                Connection: close
                Transfer-Encoding: chunked
                2023-01-25 22:36:33 UTC | 2 | IN | Data Raw: 32 63 39 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 35 38 36 38 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 35 32 35 39 33 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22
                Data Ascii: 2c9<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="5868" elapsed_seconds="52593"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
                2023-01-25 22:36:33 UTC | 2 | IN | Data Raw: 6d 78 76 59 6e 4d 76 4e 7a 49 30 51 55 46 58 4e 56 39 7a 54 32 52 76 64 55 77 79 4d 45 52 45 53 45 5a 47 56 6d 4a 6e 51 51 2f 31 2e 30 2e 30 2e 36 5f 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 2e 63 72 78 22 20 66 70 3d 22 31 2e 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69
                Data Ascii: mxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx" fp="1.81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" si
                2023-01-25 22:36:33 UTC | 3 | IN | Data Raw: 30 0d 0a 0d 0a
                Data Ascii: 0


                Target ID:0
                Start time:23:36:27
                Start date:25/01/2023
                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                Wow64 process (32bit):false
                Commandline:C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
                Imagebase:0x7ff614650000
                File size:2851656 bytes
                MD5 hash:0FEC2748F363150DC54C1CAFFB1A9408
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:low

                Target ID:1
                Start time:23:36:28
                Start date:25/01/2023
                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                Wow64 process (32bit):false
                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1740 --field-trial-handle=1860,i,9632146488442511452,3354182686509041322,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
                Imagebase:0x7ff614650000
                File size:2851656 bytes
                MD5 hash:0FEC2748F363150DC54C1CAFFB1A9408
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:low

                Target ID:2
                Start time:23:36:29
                Start date:25/01/2023
                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                Wow64 process (32bit):false
                Commandline:C:\Program Files\Google\Chrome\Application\chrome.exe" "http://clients2.google.com/time/1/current?cup2key=6:ja9_47WTwmkUfr4-NZaxb631Hv9CvRDs5qiwCNTf1Ag&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
                Imagebase:0x7ff614650000
                File size:2851656 bytes
                MD5 hash:0FEC2748F363150DC54C1CAFFB1A9408
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:low

                No disassembly